Just a few things to add to mickmackusa's excellent answer...
- Consider using the `<label>` HTML tag

In things like

```html
Username:
<input type="text" name="username" maxlength="15"/>
```

When you click on a label, focus is sent to the input associated with it. This helps improve accessibility as well as other benefits - [Why use `<label>`?][1]

```html
<label for="username">Username:</label>
<input type="text" id="username" name="username" maxlength="15"/>
```

A general point about SQL

```php
$sql = "SELECT * FROM `customer_data` WHERE username = '" . $username . "'";
```

Normally I would suggest only selecting the columns which you actually use. So in this case you would only use (including the addition of prepared statements)

```php
$sql = "SELECT `password` FROM `customer_data` WHERE `username` = ?";
```

(for me) It is also worth sticking to using backticks round column and table names. If you always use them it can help as reserved words in table or column names can randomly become very useful (order tables can be common) and then SQL starts to complain unless it's in backticks.

In the next line, you don't check if the command actually worked...

```php
$result = mysqli_query($conn, $sql);
```

You can either use something like

```php
if ($result = mysqli_query($conn, $sql)) {
    // process successful query
}
```

or use

```php
// MYSQLI_REPORT_ERROR is needed as well, otherwise failed queries are not reported at all
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
```

which makes PHP throw an exception when any errors occur ([explained here][2])

(I also can't work out how to make all of the stuff line up in the bullet points, but hopefully the content value is better than the layout)

[1]: https://stackoverflow.com/questions/7636502/why-use-label
[2]: https://stackoverflow.com/questions/18457821/how-to-make-mysqli-throw-exceptions-using-mysqli-report-strict
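
The points above about prepared statements, selecting only the needed column and exception-based error reporting, combined into one lookup. This is an added example, not part of the original answer; the function names, the connection settings and the use of `password_hash()`/`password_verify()` for the `password` column are assumptions.

```php
<?php
declare(strict_types=1);

// Report errors and throw mysqli_sql_exception, so no per-call return checks are needed.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Hypothetical helper: return the stored password value for $username,
 * or null when no such user exists.
 */
function fetch_stored_password(mysqli $conn, string $username): ?string
{
    // Only the column that is used, identifiers in backticks, value as a placeholder.
    $sql = "SELECT `password` FROM `customer_data` WHERE `username` = ?";

    $stmt = mysqli_prepare($conn, $sql);
    mysqli_stmt_bind_param($stmt, 's', $username);   // 's' = bind as string
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $stored);
    $found = mysqli_stmt_fetch($stmt);               // true = row fetched, null = no row
    mysqli_stmt_close($stmt);

    return $found === true ? $stored : null;
}

/** Hypothetical helper: true only when the user exists and the password matches. */
function login_ok(mysqli $conn, string $username, string $password): bool
{
    $stored = fetch_stored_password($conn, $username);

    // Assumption: the column holds a password_hash() value.
    return $stored !== null && password_verify($password, $stored);
}

try {
    // Placeholder connection settings, replace with your own.
    $conn = mysqli_connect('localhost', 'db_user', 'db_password', 'db_name');

    // Constructed input: the apostrophe is sent as data and cannot end the SQL string.
    $username = "o'brien";
    $ok = login_ok($conn, $username, 'example-password');
    echo $ok ? "Login accepted\n" : "Invalid username or password\n";
} catch (mysqli_sql_exception $e) {
    // Log the detail server-side, show the user a generic message.
    error_log($e->getMessage());
    http_response_code(500);
    echo "Something went wrong, please try again later.\n";
}
```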